Categories

Archives

security

Weak and reused passwords continue to be a common entry point for account or identity takeover and network intrusions. Simple steps and tools exist to help you achieve unique, strong passwords for your accounts.

A password is often all that stands between you and sensitive data. It’s also often all that stands between a cyber criminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.

Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.

Good: A good password is 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let. Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).

Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes it’s exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.

Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!

Step it up! When you use two-step verification (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or another registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cyber criminals.

Just because mail seems to come from a university address, doesn’t mean to say that it is legitimate.

The latest phishing scam making its rounds at the university is being sent from a compromised student account. The subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This is probably how the student account that is now sending it was originally compromised.

This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all the observant students who picked it up and pointed it out to us.

According to the US Department of Justice, more than 17 million Americans were victims of identity theft in 2014. EDUCAUSE research shows that 21 percent of respondents to the annual ECAR student study have had an online account hacked, and 14 percent have had a computer, tablet, or smartphone stolen. Online fraud is an ongoing risk. The following tips can help you prevent identity theft.

Read your credit card, bank, and pay statements carefully each month. Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.

Shred it! Shred any documents with personal, financial, or medical information before you throw them away.

Take advantage of free annual credit reports. In South Africa TransUnion, Experian and CompuShare can provide these reports.

If a request for your personal info doesn’t feel right, do not feel obligated to respond! Legitimate companies won’t ask for personal information such as your ID number, password, or account number in a pop-up ad, e-mail, SMS, or unsolicited phone call.

Limit the personal information you share on social media. Also, check your privacy settings every time you update an application or operating system (or at least every few months).

Several of our observant personnel have picked up that a very suspicious e-mail is making the rounds at the moment.

The subject is “NOTIFICATION: Your 13.69% Salary Increase”.

This is a very dangerous e-mail. Clicking on the link will take you to a forged version of the SUN e-HR site. If you enter your username and password (because the site looks like the SUN e-HR site), the criminals will have been given access to your personal details on SUN e-HR. The ramifications of this will mean that the scammers will potentially be able to get details such as your banking details, ID number, place of residence, that are all stored on the SUN e-HR system. They will potentially then be able to steal your salary.

The e-mail contains the following message:

Hello,

Attached herewith are two (2) documents summarizing your April salary as reviewed for a 13.69% merit increase in Financial Year 2017.

This review is with immediate effect starting Friday April 28th Paycheque.

Deductions and bonuses are advised therein

The documents are attached below:

…

Below is what the forged site looks like. The address is not a university server BUT very few people notice such details and tend to skim over them.